diff --git a/README.md b/README.md
index 278e50f..35c4b18 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,23 @@
 
 ---
 
+> [!WARNING]
+> **⚠️ Unreleased Software ⚠️**
+>
+> 🚧 This project is under active development and **not yet released**. APIs, configuration formats, and behavior may change without notice. Please **do not use without contacting the author** about the current state of the project. 🚧
+
+> [!CAUTION]
+> **⚠️ Development Tool Only ⚠️**
+>
+> 🚧 Sandcage is designed for **local development use**. Do **not** use it in CI pipelines or production environments — container isolation is not yet hardened for those contexts. 🚧
+
+### Planned Features
+
+- **Full encapsulation hardening** — for worker and CI environments, ensuring complete sandboxing of file system, network, and credentials
+- **ACP integration** via [`dirigate`](https://github.com/dirigence/dirigate) — Agent Communication Protocol support for structured agent orchestration
+
+---
+
 ## Why Sandcage?
 
 AI coding agents need broad access to do their work: shell, filesystem, network. Letting them run directly on your machine means they share your credentials, your session history, and your entire environment.